Following reports that newer versions of the Carbanak malware now use Google services to host command-and-control infrastructure to infect organizations and exfiltrate data (the Carbanak group has previously stolen more than $1 billion from banks around the world), IT security experts from Balabit, Lastline, CipherCloud and VASCO Data Security commented below.
“This is important, as a lot of anti-malware software will use IP address reputation and threat intelligence to identify malicious traffic. Because this control technique uses the very same services as legitimate Google services, it would be difficult to include in a blacklist.
“Phishing and malware installation is an uphill battle enterprises are constantly fighting. Organizations must concentrate on preventing and containing breaches, and especially on detecting those vectors where breached internal computers and user accounts are used to identify and exfiltrate their most important assets.
“We probably don’t store the most sensitive data assets in workstations, thus a breach only becomes really interesting once the breached workstation and user credentials are leveraged to go after an enterprise’s most valuable data and secrets.
“This is where the important role of privileged user behavior analytics comes into play. It can pinpoint the anomalous behaviors of hijacked accounts, which is a pretty good indicator of a breach happening.”
Christopher Kruegel, Co-founder and CEO at Lastline:
“Because Carbanak malware samples we’ve analyzed are environmentally-aware with stealthy and evasive behaviors, they require a stealth sandbox to automatically detect them with an analysis environment that appears to be a victim’s system. Only then will banks and other organizations be protected against these evolving threats.”
Sundaram Lakshmanan, VP of Technology at CipherCloud:
“This latest attack is part of a disturbing trend: cloud applications are increasingly becoming vectors of choice for hackers – just like Email for Phishing, to spread malware into the enterprise. Despite the best efforts of Google and others, this demonstrates that you can’t put blanket trust in cloud services to protect your most sensitive data.”
“The innovation demonstrated in attacks against financial transactions is improving at least as fast as the sophistication of our defenses. The result of this arms race is that, increasingly, the area of greatest vulnerability is the human factor. There is no patch for gullibility that can protect users from social engineering attacks. This is typically the first step in these types of attacks, and this will continue to compromise millions of users.”